#region Copyright (c) 2003, newtelligence AG. All rights reserved.
/*
// Copyright (c) 2003, newtelligence AG. (http://www.newtelligence.com)
// Original BlogX Source Code: Copyright (c) 2003, Chris Anderson (http://simplegeek.com)
// All rights reserved.
//  
// Redistribution and use in source and binary forms, with or without modification, are permitted 
// provided that the following conditions are met: 
//  
// (1) Redistributions of source code must retain the above copyright notice, this list of 
// conditions and the following disclaimer. 
// (2) Redistributions in binary form must reproduce the above copyright notice, this list of 
// conditions and the following disclaimer in the documentation and/or other materials 
// provided with the distribution. 
// (3) Neither the name of the newtelligence AG nor the names of its contributors may be used 
// to endorse or promote products derived from this software without specific prior 
// written permission.
//      
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS 
// OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY 
// AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 
// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 
// IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 
// OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
// -------------------------------------------------------------------------
//
// Original BlogX source code (c) 2003 by Chris Anderson (http://simplegeek.com)
// 
// newtelligence is a registered trademark of newtelligence Aktiengesellschaft.
// 
// For portions of this software, the some additional copyright notices may apply 
// which can either be found in the license.txt file included in the source distribution
// or following this notice. 
//
*/
#endregion

using System;
using System.Web.Security;
using newtelligence.DasBlog.Web.Core;

namespace newtelligence.DasBlog.Web
{

	/// <summary>
	///		Summary description for LoginBox.
	/// </summary>
	public abstract class LoginBox : System.Web.UI.UserControl
	{
		protected System.Web.UI.WebControls.TextBox username;
		protected System.Web.UI.WebControls.TextBox password;
		protected System.Web.UI.WebControls.Button doSignIn;
		protected System.Web.UI.WebControls.Label Label1;
		protected System.Web.UI.WebControls.Label Label2;
		protected System.Web.UI.WebControls.CheckBox rememberCheckbox;
		protected System.Web.UI.HtmlControls.HtmlInputHidden challenge;
		protected System.Resources.ResourceManager resmgr;

		private void Page_Load(object sender, System.EventArgs e)
		{
			resmgr = ((System.Resources.ResourceManager)ApplicationResourceTable.Get());
			DataBind();

			if (Page.FindControl("LoginBox") == null)
			{
				this.ID = "LoginBox";

				//				string pageID = "mainForm";
				//				string parendID = this.ID+"_";

				// OmarS: form elements can no longer be accessed by name due to XHTML
				// rules. This ensures we will work on Whidbey
				/*
				string usernameID = "document." + pageID + "." + parendID + "username.value";
				string passwordID = "document." + pageID + "." + parendID + "password.value";
				string challengeID = "document." + pageID + "." + parendID + "challenge.value";
				*/

				// PaulB: Changed the Javascript to use document.getElementById, and the WebControl.ClientID property to make 
				// sure we will work on future versions.
				/*
				string usernameID = String.Format("document.forms[\"{0}\"].elements[\"{1}\"].value", pageID, parendID + "username");
				string passwordID = String.Format("document.forms[\"{0}\"].elements[\"{1}\"].value", pageID, parendID + "password");
				string challengeID = String.Format("document.forms[\"{0}\"].elements[\"{1}\"].value", pageID, parendID + "challenge");
				*/
				
				// form the script that is to be registered at client side.
				String scriptString = "<script type=\"text/javascript\" language=\"JavaScript\" src=\"md5.js\"></script>\n";
				scriptString += "<script type=\"text/javascript\" language=\"javascript\">\n";
				scriptString += "	function doChallengeResponse() {\n";
				// uncomment to debug in IE.
				// IE -> Tools -> Internet Options... -> Advanced -> Browsing
				// Disable Script Debugging should be unchecked
				// scriptString += "	debugger;\n";
				scriptString += "	password = document.getElementById('" + password.ClientID + "').value;\n";
				scriptString += "	if (password)	{\n";
				scriptString += "		password = net_md5(password);	// this makes it superchallenged!!\n";
				// get the value for the challenge
				scriptString += "		challenge = document.getElementById('" + challenge.ClientID + "').value;\n";
				// get the value for the username
				scriptString += "		username = document.getElementById('" + username.ClientID + "').value;\n";
				// create a challenge
				scriptString += "		str = challenge + password + username;\n";
				scriptString += "		str = net_md5(str);\n";
				// prepare the challenge and the password for the postback
				scriptString += "		document.getElementById('" + challenge.ClientID + "').value = str;\n";
				scriptString += "		document.getElementById('" + password.ClientID + "').value = '';\n";
				scriptString += "	}\n";
				scriptString += "}\n";
				scriptString += "</script>";

				if(!Page.IsClientScriptBlockRegistered("clientScript"))
				{
					Page.RegisterClientScriptBlock("clientScript", scriptString);
					doSignIn.Attributes.Add("onclick", "doChallengeResponse();");
				}
			}
			
			if (!Page.IsPostBack)
			{
				challenge.Value = Session.SessionID.ToString();
				ViewState["challenge"] = challenge.Value;
			}
		}

		#region Web Form Designer generated code
		override protected void OnInit(EventArgs e)
		{
			//
			// CODEGEN: This call is required by the ASP.NET Web Form Designer.
			//
			InitializeComponent();
			base.OnInit(e);
		}
		
		///		Required method for Designer support - do not modify
		///		the contents of this method with the code editor.
		/// </summary>
		private void InitializeComponent()
		{
			this.doSignIn.Click += new System.EventHandler(this.doSignIn_Click);
			this.Load += new System.EventHandler(this.Page_Load);

		}
		#endregion

		private void doSignIn_Click(object sender, System.EventArgs e)
		{
			UserToken token = SiteSecurity.Login(username.Text, challenge.Value, ViewState["challenge"].ToString());
			if (token != null)
			{
				FormsAuthentication.SetAuthCookie(token.Name, rememberCheckbox.Checked);
				Response.Redirect(Utils.GetAdminPageUrl(), true);
			}
			else
			{
				challenge.Value = Session.SessionID.ToString();
				ViewState["challenge"] = challenge.Value;
			}
		}
	}
}
